Levelone WBR-3402TX Bedienungsanleitung

1 LevelOne WBR-3402TX 1W,4L 11g Wireless ADSL Router w/VPN/Printer Server(USB) User`s Manual

10 CCChhhaaapppttteeerrr 333 NNNeeetttwwwooorrrkkk SSSeeettttttiiinnngggsss aaannnddd SSSoooffftttwwwaaarrreee IIInnnssstttaaallllllaa

100 Right-click [IP Security Policies on Local Computer], and click [Create IP Security Policy]. Click the [Next] button, enter your policy’s name

101 Build 2 Filter Lists: “xp->router” and “router->xp” Filter List 1: xp-> router In the “new policy’s properties” screen, select [Use Ad

102 click [Add] button

103 Enter a name, for example: xp->router and dis-select [Use Add Wizard] check box. Click [Add] button.

104 In the Source address field, select [A specific IP Address]. and fill in IP Address: 192.168.1.1 In the Destination address field, select [A spe

105 Click [OK] button. Then click [OK] button on the “IP Filter List” page.

106 select [Filter Action], select [Require Security], then click [Edit] button.

107 select [Negotiate security], Select [Session key Perfect Forward Secrecy (PFS)] click [Edit] button.

108 select [Custom] button

109 Select [Data integrity and encryption (ESP)] Configure “Integrity algorithm”: [MD5] Configure “Encryption algorithm”: [DES] Configure “Generate a

11 3.2 Install the Software into Your Computers Skip this section if you do not want to use the print server function of this product. Notice: If yo

110 select [Authentication Methods] page, click [Add] button.

111 select [Use this string to protect the key exchange (preshared key)], and enter your preshared key string, such as mypresharedkey. Click [OK]

112 configure [The tunnel endpoint is specified by this IP address]: 192.168.1.254 Select [Connection Type]

113 select [All network connections] Tunnel 2: router->xp In the “new policy’s properties” page, dis-select [Use Add Wizard] check box, and then

114 click [Add] button

115 Enter a name, such as router->xp and dis-select [Use Add Wizard] check box. Click [Add] button.

116 In the Source address field, select [A specific IP Subnet]. fill in IP Address: 192.168.123.0 and Subnet mask: 255.255.255.0. In the Destinatio

117 Click [OK] button. Then click [OK] button on [IP Filter List] window.

118 select [Filter Action tab], select [Require Security], then click [Edit] button.

119 select [Negotiate security], Select [Session key Perfect Forward Secrecy (PFS)] click [Edit] button.

12 Step 3: Select the destination folder and click on the Next button. Then, the setup program will begin to install the programs into the destinatio

120 select [Custom] button

121 Select [Data integrity and encryption (ESP)] Configure “Integrity algorithm”: [MD5] Configure “Encryption algorithm”: [DES] Configure “Generate

122 select [Authentication Methods] page, click [Add] button.

123 select [Use this string to protect the key exchange (preshared key)], and enter the preshared key string, such as mypresharedkey. Click [OK] b

124 Configure [The tunnel endpoint is specified by this IP address]: 192.168.1.1 Select [Connection Type]

125 select [All network connections]

126Configure IKE properties Select [General] Click [Advanced…]

127 enable “Master key perfect forward security (PFS)” configure “Authenticate and generate a new key after every [10000] seconds” click [Methods…]

128 Configure “Integrity algorithm”: [SHA1] Configure “Encryption algorithm”: [3DES] Configure “Diffie-Helman group”: [Medium (2)] Settings on VPN r

129 VPN Settings: VPN: Enable Max. number of tunnels: 2 ID: 1 Tunnel Name: 1 Method: IKE Press “More”

13 CCChhhaaapppttteeerrr 444 CCCooonnnfffiiiggguuurrriiinnnggg AAADDDSSSLLL WWWiiirrreeellleeessssss BBBrrroooaaadddbbbaaannnddd RRRoo

130 VPN Settings - Tunnel 1 – IKE Tunnel:1 Local Subnet:192.168.123.0 Local Netmask:255.255.255.0 Remote Subnet:192.168.1.1 Remote Netmas

131 VPN Settings - Tunnel 1 - Set IKE Proposal ID: 1 Proposal Name: 1 DH Group: Group2 Encrypt. Algorithm: 3DES Auth. Algorithm: SHA1 Life Time: 1

132 VPN Settings - Tunnel 1 - Set IPSec Proposal ID: 1 Proposal Name: proposal1 DH Group: Group2 Encap. Protocol: ESP Encrypt. Algorithm: DES Au

133 AAAppppppeeennndddiiixxx CCC PPPPPPTTTPPP aaannnddd LLL222TTTPPP CCCooonnnfffiiiggguuurrraaatttiiiooonnnsss 1. First, please go t

1343. Choose Virtual Private Network 4. Do not dial to initial connection

1355. Input the router wan ip address 6. Then ok, please input username and password as you setup in the router.

1367. Select the type of VPN

137 However, you should add the Authentication Protocol in advanced(Custom setting) of Security option, like below t o support pap, chap, mschap. I

138 Then the steps refer to pptp settings.

139AAAppppppeeennndddiiixxx DDD 888000222...111xxx SSSeeettttttiiinnnggg Figure 1: Testing Environment (Use Windows 2000 Radius Server)

14 4.1 Start-up and Log in Activate your browser, and disable the proxy or add the IP address of this product into the exceptions. Then, type this

1403.LAN IP address: 192.168.123.254/24. 4.Set RADIUS server IP. 5.Set RADIUS server shared key. 6.Configure WEP key and 802.1X setting. The followi

141 Figure 2: Enable IEEE 802.1X access control

142 Figure 3: Smart card or certificate properties 4.Windows 2000 RADIUS server Authentication testing: 4.1DUT authenticate PC1 using certificate.

143 Figure 4: Certificate information on PC1 Figure 5: Authenticating

144 Figure 6: Authentication success 4.2DUT authenticate PC2 using PEAP-TLS. 1. PC2 choose the SSID of DUT as the Access Point. 2. Set authenticat

145AAAppppppeeennndddiiixxx EEE FFFAAAQQQ aaannnddd TTTrrrooouuubbbllleeessshhhooooootttiiinnnggg Reset to factory Default There are 2

146 4.If you can find one device and unreachable. You must setup the same submask, For example configure the

154.2 Status This option provides the function for observing this product’s working status: A. WAN Port Status. If the WAN port is assigned a dy

16 4.3 Wizard Setup Wizard will guide you through a basic configuration procedure step by step. Press ”Next >”

17 Setup Wizard - Select WAN Type: For detail settings, please refer to 4.4.1 primary setup. 4.4 Basic Setting

18 4.4.1 Primary Setup – WAN Type Press “Change”

19 This page is primary to enable this product to work properly. The setting items and the web appearance depend on the WAN type. Choose correct WAN

2Table of Contents Chapter 1 Introduction ... 4

20 4.4.1.1 Ethernet Over ATM (RFC 1483 Bridged) without NAT This WAN type disable the NAT, this device becomes a pure bridge between your LAN and W

21 4.4.1.2 Ethernet Over ATM (RFC 1483 Bridged) with NAT Dynamic IP Address: Obtain an IP address from ISP automatically. Host Name: optional. Requ

22

23 4.4.1.3 IP over ATM (RFC 1483 Routed) In the Router Mode, NAT is always enabled. You have to set the following WAN IP settings: WAN IP Mode:

244.4.1.4 Classical IP over ATM (RFC 1577) In the Classical IP over ATM Mode, NAT is always enabled. You have to set the following WAN IP settings:

25button to save the configuration into Flash memory, and the reboot this device. 4.4.1.5 PPP over ATM (RFC 2364) Press “More >&g

26 PPPoA Account/Password: The account ID & password provided by your ISP. Maximum Idle Time: The time of no activity disconnect to your PPPoA

27"Save" button to save the configuration into Flash memory, and the reboot this device. 4.4.1.6 PPP over Ethernet (RFC 2516) PPPoE Accou

28PPPoE Service Name: Optional. Input the service name if your ISP requires it. Assigned IP Address: Optional. Required by some ISPs. Once you fin

29 4.4.3 DHCP Server Press “More” The settings of a TCP/IP environment include host IP, Subnet Mask, Gateway, and DNS configurations.

34.8.6 Miscellaneous Items ... 75 Chapter 5 Print Server...

30It is not easy to manually configure all the computers and devices in your network. Fortunately, DHCP Server provides a rather simple approach to h

31Wireless settings allow you to set the wireless configuration items. 1. Network ID(SSID): Network ID is used for identifying the Wireless LAN (WLA

32 4.4.5 Change Password You can change Password here. We strongly recommend you to change the system password for security reason.

33 4.5 Forwarding Rules 4.5.1 Virtual Server

34This product’s NAT firewall filters out unrecognized packets to protect your Intranet, so all hosts behind this product are invisible to the outsid

354.5.2 Special AP Some applications require multiple connections, like Internet games, Video conferencing, Internet telephony, etc. Because of th

364.5.3 Miscellaneous Items IP Address of DMZ Host DMZ (DeMilitarized Zone) Host is a host without the protection of firewall. It allows a compute

374.6 Security Settings

38 4.6.1 Packet Filter Packet Filter enables you to control what packets are allowed to pass the router. Outbound filter applies on all outbound pa

39For source or destination IP address, you can define a single IP address (4.3.2.1) or a range of IP addresses (4.3.2.1-4.3.2.254). An empty implies

4 CCChhhaaapppttteeerrr 111 IIInnntttrrroooddduuuccctttiiiooonnn Congratulations on your purchase of LevelOne WBR-3402 ADSL Wireless Broadba

40 Example 2: (192.168.123.100-192.168.123.119) They can do everything except read net news (port 119) and transfer files via FTP (port 21) Other

41 (192.168.123.100-192.168.123.149) They are allowed to send mail (port 25), receive mail (port 110), and browse Internet (port 80); port 53 (DNS)

42 4.6.2 Domain Filter Domain Filter let you prevent users under this device from accessing specific URLs. Domain Filter Enable Check if you wan

43Example: In this example: 1. URL include “www.msn.com” will be blocked, and the action will be record in log-file. 2. URL include “www.sina.com” w

44 4.6.3 URL Blocking URL Blocking will block LAN computers to connect to pre-defined Websites. The major difference between “Domain filter” and “U

45 In this example: 1.URL include “sex” will be blocked, and the action will be record in log-file. 2.URL include “erotica” will be blocked, but th

46 4.6.4 MAC Address Control MAC Address Control allows you to assign different access right for different users and to assign a specific IP addres

47Control table "Control table" is the table at the bottom of the "MAC Address Control" page. Each row of this table indicates t

48 4.6.5 VPN setting VPN Settings are settings that are used to create virtual private tunnels to remote VPN gateways. The tunnel technology suppor

49System managers of both end gateways only need set the same pre-shared key. Function of Buttons More: To setup detailer configuration for manual

5correctly.  Statistics of WAN Supported Enables you to monitor inbound and outbound packets Wireless functions  High speed for wireless LAN con

50 　 Local netmask Local netmask combined with local subnet to form a subnet domain. 　 Remote subnet The subnet of LAN site of remote VPN gateway,

51•VPN Settings - Set IKE Proposal 　 IKE Proposal index A list of selected proposal indexes from the IKE proposal pool listed below. The selecting a

52 •VPN Settings -Set IPSec Proposal 　 IPSec Proposal index A list of selected proposal indexes from the IPSec proposal pool listed below. The selec

53IPSec proposal. 　 Life time The unit of life time is based on the value of Life Time Unit. If the value of unit is second, the value of life tim

544.6.6 Miscellaneous Items Remote Administrator Host/Port In general, only Intranet user can browse the built-in web pages to perform administratio

554.7 Advanced Setting

56 4.7.1 ADSL Modem Performance Setting Tx Gain Offset This parameter allows the user to add an offset on the Tx gain of the CPE Modem. The offset

57offset. Tx Output Power Offset This parameter allows user to reduce the Tx output power (in the upstream direction). The value should be ranged b

58 4.7.2 System Time Get Date and Time by NTP Protocol Selected if you want to Get Date and Time by NTP Protocol. Time Server Select a NTP time

59 4.7.3 System Log This page support two methods to export system logs to specific destination by means of syslog(UDP) and SMTP(TCP). The items you

6When SPI Mode is enabled, the router will check every incoming packet to detect if this packet is valid.  DoS Attack Detection Supported When this

60E-mail Subject The subject of email alert. This setting is optional.

61 4.7.4 Dynamic DNS To host your server on a changing IP address, you have to use dynamic domain name service (DDNS). So that anyone wishing to

62Username/E-mail Password/Key You will get this information when you register an account on a Dynamic DNS server. Example: After Dynamic DNS setti

63 4.7.5 SNMP Setting In brief, SNMP, the Simple Network Management Protocol, is a protocol designed to give a user the capability to remotely mana

64 1. This device will response to SNMP client which’s get community is set as “public” 2. This device will response to SNMP client which’s set commu

65 4.7.6 Routing Table Routing Tables allow you to determine which physical interface address to use for outgoing IP data grams. If you have more t

66 Example: So if, for example, the host wanted to send an IP data gram to 192.168.3.88, it would use the above table to determine that it had to

67 4.7.7 Schedule Rule You can set the schedule time to decide which service at what time will be turned on or off. Select the “enable” item. Pre

68

69 Schedule Enable Selected if you want to Enable the Scheduler. Edit To edit the schedule rule. Delete To delete the schedule rule, and the ru

7CCChhhaaapppttteeerrr 222 HHHaaarrrdddwwwaaarrreee IIInnnssstttaaallllllaaatttiiiooonnn 2.1 Panel Layout 2.1.1. Front Panel Figure 2-

70Exanple2: Packet Filter – Apply Rule#1 (ftp time: everyday 14:10 to 16:20).

71 4.8 Toolbox

72 4.8.1 View Log You can View system log by clicking the View Log button

73 4.8.2 Firmware Upgrade You can upgrade firmware by clicking Firmware Upgrade button.

74 4.8.3 Backup Setting You can backup your settings by clicking the Backup Setting button and save it as a bin file. Once you want to restore thes

754.8.6 Miscellaneous Items MAC Address for Wake-on-LAN Wake-on-LAN is a technology that enables you to power up a networked device remotely. In or

76 CCChhhaaapppttteeerrr 555 PPPrrriiinnnttt SSSeeerrrvvveeerrr WBR-3402 provides the function of network print server for MS Windows

771. Find out the corresponding icon of your server printer, for example, the HP LaserJet 6L. Click the mouse’s right button on that icon, and then

782. Click the Details item: 3. Choose the “PRTmate: (All-in-1)” from the list attached at the Print To item. Be sure that the Printer Driver item

795.2 Configuring on Windows NT Platforms The configuration procedure for a Windows NT platform is similar to that of Windows 95/98 except the scree

82.1.2. Rear Panel Figure 2-2 Rear Panel Ports: Port Description 5VDC Power inlet: DC 5V, 2A ADSL the port where you will connect your phone jack..

805.3 Configuring on Windows 2000 and XP Platforms Windows 2000 and XP have built-in LPR client, users could utilize this feature to Print. You ha

812.Select “Ports” page, Click “Add Port…” 3. Select “Standard TCP/IP Port”, and then click “New Port…”

824.Click Next and then provide the following information: Type address of server providing LPD that is our NAT device:192.168.123.254 4.

83 6.Select “LPR”, type ” lp“ lowercase letter in “Queue Name:” And enable “LPR Byte Counting Enabled”.

847.Apply your settings

855.4 Configuring on Unix-like based Platforms Please follow the traditional configuration procedure on Unix platforms to setup the print server of

862. Click Add---> Forward. 3. Enter the Pinter Name, Comments then forward.

874. Select LPD protocol and then forward. 5. Enter the router LAN IP Address and the queue name "lp". Then forward.

886. Select the Printer Brand and Model Name. Then Forward. 7. Click Apply to finish setup.

898. At last you must click Apply on the toolbox to make the change take effective. In Command Mode: Linux has built-in LPR client ,You can utiliz

9 Figure 2-3 Setup of LAN and WAN connections for this product. 3. Setup ADSL connection Prepare a telephone cable for connecting this product to yo

905.5 Configuring on Apple PC 1.First, go to Printer center (Printer list) and add printer 2.Choose IP print and setup printer ip address (ro

91AAAppppppeeennndddiiixxx AAA TTTCCCPPP///IIIPPP CCCooonnnfffiiiggguuurrraaatttiiiooonnn fffooorrr WWWiiinnndddooowwwsss 999555///999

925. Select Microsoft item in the manufactures list. And choose TCP/IP in the Network Protocols. Click OK button to return to Network window. 6.

93 A.2 Set TCP/IP Protocol for Working with NAT Router 1. Click Start button and choose Settings, then click Control Panel. 2. Double click Network i

94a. Select Obtain an IP address automatically in the IP Address tab. b. Don’t input any value in the Gateway tab.

95c. Choose Disable DNS in the DNS Configuration tab. B. Configure IP manually a. Select Specify an IP address in the IP Address tab. The default

96 b. In the Gateway tab, add the IP address of this product (default IP is 192.168.123.254) in the New gateway field and click Add button. c. In

97AAAppppppeeennndddiiixxx BBB WWWiiinnn 222000000000///XXXPPP IIIPPPSSSEEECCC SSSeeettttttiiinnnggg ggguuuiiidddeee Example:

98 Double-click [Administrative Tools]

99 Local Security Policy Settings Double-click [Local Security Policy]